W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > April to June 2016

Re: Accessibility for trustworthiness indicators

From: Chaals McCathie Nevile <chaals@yandex-team.ru>
Date: Thu, 07 Apr 2016 15:22:48 +0200
To: w3c-wai-ig@w3.org, "Daisuke MIYAMOTO" <daisu-mi@nc.u-tokyo.ac.jp>
Message-ID: <op.yfjwsa0ss7agh9@widsith.local>
On Thu, 07 Apr 2016 15:03:00 +0200, Daisuke MIYAMOTO  
<daisu-mi@nc.u-tokyo.ac.jp> wrote:

> Thanks Chaals,
>>> I'm working on phishing prevention, and am concerned with
>>> accessibility for people with disabilities. I'm afraid but
>>> many security information, e.g., address bar colored green,
>>> is really important for distinguishing legitimate sites, but
>>> individuals with visual impairment are hard to recognize it.
> (snip)
>> Normal browser security indicators in toolbars are only sometimes
>> available to screenreaders.
>> But browsers often put up a warning page when a user tries to navigate
>> to something marked as malware by a browser, and that page is generally
>> "reasonably" accessible to screen reader users.
> Yes it is right when a browser succeeded to identify malicious entities.
> I'm afraid but some phishing sites will be shown to users
> even they use the latest version of browser and security software.

True, but this is the case for all users.

>> I think the common problems are:
>> 1. email-based attacks, as you note. I believe some webmail services
>> provide some protection from attachments, but I am not sure if dedicated
>> email clients do the same.
>> 2. Normal websites, that ask for sensitive information such as passwords
>> which can be used to spend real money, on pages that are not secure. In
>> many cases screen reader users don't *know* whether the page is secured.
>> As well as providing shortcuts to security information - which can be
>> done in browsers today - having the ability to state the security state
>> in the title of the page, so it cannot be faked by the page itself,
>> would be a simple technique for browsers to implement.
> Yes. The shortcut for accessing security information is usually appeared
> as visual elements. I think, keyboard shortcut will be of benefit for
> people with visual impairment.

The point of having it in the title is that it gets announced in advance -  
roughly equivalent to having a visual indicator. I agree that being able  
to explicitly navigate to the information and check is *also* useful, but  
normally people don't do that.

One more aspect of using a screen reader and coming across a phishing site  
is that they are normally built to look like another site. But there may  
be cases where the accessibility is quite different, and this should act  
as a not-very-reliable alert to a screen reader user that something is not  



Charles McCathie Nevile - web standards - CTO Office, Yandex
  chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Thursday, 7 April 2016 13:23:27 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 7 April 2016 13:23:27 UTC